//package com.authorization.authcode.config;
//
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.core.annotation.Order;
//import org.springframework.data.redis.connection.RedisConnectionFactory;
//import org.springframework.security.authentication.AuthenticationManager;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
//import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
//import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
//import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
//import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
//import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
//import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
//
//
//
//@Configuration
//public class OAuth2ServerConfig  {
//    //private static final String DEMO_RESOURCE_ID = "auth_code_moon";
//
//
//    @Configuration
//    @Order(6)
//    protected static class ResourceServerConfiguration extends  ResourceServerConfigurerAdapter {
//        @Override
//        public void configure(HttpSecurity http) throws Exception {
//            // @formatter:off
//            http
//                    // Since we want the protected resources to be accessible in the UI as well we need
//                    // session creation to be allowed (it's disabled by default in 2.0.6)
//                    .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
//                    .and()
//                    .requestMatchers().anyRequest()
//                    .and()
//                    .anonymous()
//                    .and()
//                    .authorizeRequests()
//                    .antMatchers("/", "/home").permitAll()
////                    .antMatchers("/product/**").access("#oauth2.hasScope('select') and hasRole('ROLE_USER')")
//                    .antMatchers("/resource/**").authenticated();//配置order访问控制，必须认证过后才可以访问
//                    //.antMatchers("/hello").authenticated();
//            
//            // @formatter:on
//        }
//    
//    }
//
//
//    @Configuration
//    @EnableAuthorizationServer
//    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
//
//
//        @Autowired
//        RedisConnectionFactory redisConnectionFactory;
//        
//        @Override
//        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
//            //配置两个客户端,一个用于password认证一个用于client认证
//        	//clients.withClientDetails(clientDetails());
//        	/*
//            clients.inMemory().withClient("client_1")
//            .resourceIds(DEMO_RESOURCE_ID)
//            .authorizedGrantTypes("client_credentials", "refresh_token")
//            .scopes("select")
//            .authorities("client")
//            .secret(new BCryptPasswordEncoder().encode("123456"))
//            .and().withClient("client_2")
//            .resourceIds(DEMO_RESOURCE_ID)
//            .authorizedGrantTypes("password", "refresh_token")
//            .scopes("select")
//            .authorities("client")
//            .secret(new BCryptPasswordEncoder().encode("123456"))
//            .accessTokenValiditySeconds(100)
//            .refreshTokenValiditySeconds(100)
//            ;
//            */
//            clients.inMemory()
//            .withClient("client1")//用于标识用户ID
//            .authorizedGrantTypes("authorization_code","refresh_token")//授权方式
//            .scopes("test")//授权范围
//            .redirectUris("www.baidu.com")
//            .secret(new BCryptPasswordEncoder().encode("123456"));//客户端安全码,secret密码配置从 Spring Security 5.0开始必须以 {bcrypt}+加密后的密码 这种格式填写;
//            
//        }
//
//        @Override
//        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
//            endpoints.tokenStore(new RedisTokenStore(redisConnectionFactory));
//            
//        }
//
//
//        @Override
//        public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
//            //允许表单认证
//            oauthServer.allowFormAuthenticationForClients();
//            oauthServer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
//        }
//        // @Bean
//        // public ClientDetailsService clientDetails() {
//        //     return new JdbcClientDetailsService(dataSource);
//        // }
//
//    }
//
//    
//}